I joined Fly.io in the early days of the security practice, and led a number of initiatives to implement core capabilities across areas of corporate, infrastructure, product and application security. Some of these include:-- Implementation of a SIEM, including developing integrations with services, as well as detection engineering and designing alert triage strategies.-- Implementation of an osquery-based endpoint monitoring system, with a focus on posture management, vulnerability management and detecting indicators of compromise.-- Application and product security, code and architecture review, CI/CD security, application and network penetration testing.-- Implementation of eBPF-powered security observability on infrastructure hosts, including those responsible for hosting untrusted workloads. This focused on providing low-level visibility to our infrastructure to identify common TTPs used for initial access and lateral movement.-- Undertook in-depth research around the security of GPU virtualisation, specifically to gain visibility of malicious activity at the hypervisor level.-- Engineering of custom integration between endpoint management, SIEM, and users, to allow users to take responsibility for security events that may affect them, with full oversight from the security team.This was alongside the work general security staffing in a relatively small organisation, which included authoring security-related documentation and policy, education, threat hunting and intelligence and responding to incidents.

In 2020, Insomnia Security was acquired by CyberCX. As a senior and experienced member of the team, I took on variety of practice-level responsibilities, including scoping and scheduling of complex engagements across the entire NZ practice, as well as end-to-end responsibility of NZ-based adversary simulation engagements (e.g. red, purple teams) with high profile clients.

While continuing to deliver penetration testing and other security engagements, I developed technical specialisations in areas including cloud security, modern DevOps, wireless networking and password cracking, as well as specific expertise in domains such as payments, telecommunications, industrial control systems and aviation.I began leading a team of experienced consultants, with a focus on professional development, performance and advocacy. I also took on a central role around the lifecycle of engagements, undertaking detailed scoping work, delivery, as well as follow-up and presentation.

As my experience at Insomnia grew, I picked up further responsibilities and technical specialisations while continuing to deliver high-quality client engagements. These include deploying and managing infrastructure to support delivery including test labs, leading more complex client engagements (e.g. Red Teams), undertaking research and tool development and giving technical talks and presentations at local conferences and meetups, including Kiwicon, OWASP and ISIG.

A technical consultant role at a boutique security practice, specialising in delivering offensive securitytesting engagements for clients.

Insomnia Security was acquired by CyberCX in 2020

I joined Mighty Ape when the employee count was still in single digits. My role began as "Web Developer", taking care of changes to the previous site, templating marketing emails etc. with a small team.As Mighty Ape launched and grew, so did my role - encompassing full stack development of not only the website itself, but the software that powered the organisation - inventory, fulfilment, financial reporting, external integration etc.I also took on further responsibilities within the organisation, designing, deploying and maintaining the organisation's network and application infrastructure, databases, phone system as well as security responsibilities including intrusion detection and compliance (PCI DSS).My time at Mighty Ape showed me how effective small teams can be when they work closely with parts of the business, with an openness to adopt solutions that work, even if they eschew the current flavours-of-the-month.

Tier 3 Support engineer and systems administrator supporting Vodafone NZ messaging systems.